Cyber Risk Analyst (VA/PT) (Business Analyst 1)

ABOUT THE COMPANY

The Central Bank of Kenya was established in 1966 through an Act of Parliament - the Central Bank of Kenya Act of 1966. The establishment of the Bank was a direct result of the desire among the three East African states to have independent monetary and financial policies. This led to the collapse of the East Africa Currency Board (EACB) in mid 1960s.
Following the promulgation of the new constitution on August 27th, 2010, the Central Bank of Kenya (CBK) is now established under Article 231 of the Constitution, 2010. Under this Article the Central Bank has the responsibility of formulating monetary policy, promoting price stability, issuing currency and performing any other functions conferred on it by an Act of Parliament.
The Constitution guides that “the Central Bank shall not be under the direction or control of any person or authority in the exercise of its powers or performance of its functions”.

JOB SUMMARY

QualificationsA Bachelor’s Degree in Information Technology, Computer Engineering, Telecommunications and Information Engineering & Computer Science and/or any related qualification.Professional certification(s) in VA/PT (CEH) and Cybersecurity & Information Security (GSEC) and/or Networking (CCNA) or any other related field.Practical hands-on experience with enterprise VA/PT tools and software, e.g Nessus, Burp suite, OpenVAS, Nikto and exploit frameworks.Active membership in at least one (1) professional body.Work ExperienceThree (3) years’ experience with at least two (2) years' experience in a cybersecurity and VA/PT analysis environment.

RESPONSIBILITIES

Technical and Operational ResponsibilitiesPerform targeted Vulnerability Assessment and Penetration Testing (VA/PT) to identify flaws on systems and applications of regulated entities.Write reports detailing the findings of VA/PT exercises explaining the attack vectors of Cyberattacks.Reviewing results of VA/PT exercises before dispatch.Providing recommendations on fixing the issues identified during VA/PT exercises.Carrying out Open-Source Intelligence (OSINT) collection on Cyber Threat Actors.Supporting, liaising and coordinating with other incident response teams in identifying cyber-attack vectors by analyzing raw data and identifying suspicious patterns.Incidence Response engagements on regulated entities to ensure recovery and efficiency in incident response management.Adhere to VA/PT and incident management policies, best practices and SOP manuals.Prepare Cyber Security training/awareness material for the financial sector.Maintain records of all Cyber incidents recorded and their status.Maintain catalogue of all VA/PT tools and equipment.Other ResponsibilitiesConduct research on Cyber Threat Actors Tactics, Techniques and Procedures (TTPs)Any other duties assigned.

REQUIRED SKILLS

Cyber security, IT management, Risk management, Safety systems

REQUIRED EDUCATION

Bachelor's degree